Re: Apache mod_ssl off-by-one vulnerability

From: H D Moore (sflistat_private)
Date: Wed Jun 26 2002 - 19:46:12 PDT

Next message: FreeBSD Security Advisories: "FreeBSD Security Advisory FreeBSD-SA-02:28.resolv"

Previous message: OpenPKG: "[OpenPKG-SA-2002.005] OpenPKG Security Advisory (openssh)"
In reply to: Jedi/Sector One: "Apache mod_ssl off-by-one vulnerability"
Next in thread: Ken.Williamsat_private: "Re: Apache mod_ssl off-by-one vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Just to confirm, the bug exists in 2.8.9 and earlier? The first part of the 
advisory mentions 2.4.9, so a casual reader may assume they are unaffected if 
they don't read all the way to the bottom...

On Monday 24 June 2002 15:47, Jedi/Sector One wrote:
> Product: mod_ssl - http://www.modssl.org/
> Date: 06/24/2002
> Summary: Off-by-one in mod_ssl 2.4.9 and earlier

 [ snip ]

> The mod_ssl development team was very reactive and a new version has just
> been released. mod_ssl 2.8.10 addresses the vulnerability and it is
> freely available from http://www.modssl.org/ . Upgrading from an earlier
> release is painless.

Next message: FreeBSD Security Advisories: "FreeBSD Security Advisory FreeBSD-SA-02:28.resolv"
Previous message: OpenPKG: "[OpenPKG-SA-2002.005] OpenPKG Security Advisory (openssh)"
In reply to: Jedi/Sector One: "Apache mod_ssl off-by-one vulnerability"
Next in thread: Ken.Williamsat_private: "Re: Apache mod_ssl off-by-one vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Jun 27 2002 - 16:18:09 PDT